Proprietary Software and Security Leftovers
-
How Cyber Sleuths Cracked an ATM Shimmer Gang
In 2015, police departments worldwide started finding ATMs compromised with advanced new “shimming” devices made to steal data from chip card transactions. Authorities in the United States and abroad had seized many of these shimmers, but for years couldn’t decrypt the data on the devices. This is a story of ingenuity and happenstance, and how one former Secret Service agent helped crack a code that revealed the contours of a global organized crime ring.
-
Google’s security changes will break old Drive and YouTube links
On YouTube the changes will affect any videos that are public, but marked as “Unlisted.” As described in a blog post and five-minute video, any Unlisted videos that were uploaded prior to 2017 will have their status changed to Private starting on July 23rd. The way Private videos work now, that will kill any old links or embeds, plus it limits sharing to a maximum of 50 people — all of whom will need a Google account to view it.
-
How I Found A Vulnerability To [Cr]ack iCloud Accounts and How Apple Reacted To It
After all my hard work and almost a year of waiting, I didn’t get what I deserved because of Apple’s unfair judgement. So I refused to receive the bounty and told them it is unfair. I asked them to reconsider the bounty decision or let me publish the report with all the information. There wasn’t any response to my emails. So I have decided to publish my article without waiting for their response indefinitely.
-
FBI asks Congress for $40M to help combat wave of ransomware attacks [iophk: Windows TCO]
Wray noted that the FBI is currently investigating over 100 types of ransomware variations, each of which he said had “scores and scores of victims,” and that enhancing the FBI’s ability to address ransomware attacks is a top priority.
-
Standing With Security Researchers Against Misuse of the DMCA
DMCA reform has long been part of EFF’s agenda, to protect security researchers and others from its often troublesome consequences. We’ve sued to overturn the onerous provisions of Section 1201 that violate the First Amendment, we’ve advocated for exemptions in every triennial rule-making process, and the Coders Rights Project helps advise security researchers about the legal risks they face in conducting and disclosing research.
Today, we are honored to stand with a group of security companies and organizations that are showing their public support for good faith cybersecurity research, standing up against use of Section 1201 of the DMCA to suppress the software and tools necessary for that research. In the statement below, the signers have united to urge policymakers and legislators to reform Section 1201 to allow security research tools to be provided and used for good faith security research, and to urge companies and prosecutors to refrain from using Section 1201 to unnecessarily target tools used for security research.
The statement in full...
-
Texas Consumers Lose Control Of Their Thermostats, Get Another Crash Course In Value Of Competent Regulators
When last we checked in with Texas utility customers, they were literally freezing to death thanks to repeated underinvestment in the state's utility grid. The Texas utility grid is a unique mish-mash of competitors on its own grid resulting from a massive deregulation effort that didn't really deliver what was promised. The convoluted mess is overseen by state regulators -- detached from federal authority -- which have spent a decade ignoring reports calling for a hardening of the grid in the face of climate catastrophe.
-
Several Linux app stores & Pling store apps can be attacked via cross-site scripting - Market Research Telecast
The security researcher Fabian Bräunlein from Positive Security has discovered a previously unfixed cross-site scripting (XSS) vulnerability in Pling-based Linux app stores, which is also said to affect the native Pling-Store application. The vulnerability could be misused to manipulate listings, i.e. apps available for download, in affected stores and, for example, add malicious code to them. According to the researcher, the Pling Store app can also be used to execute any program code remotely (Remote Code Execution, RCE) on Linux systems under certain conditions.
The Pling platform is part of the opendesktop.org portal from hive 01 GmbH. It serves as an alternative download source for themes, icons, desktop backgrounds, software and more for Linux. Several well-known app stores, such as the KDE Store on. Positive Security mentions appimagehub.com, gnome-look.org and xfce-look.org as other examples. The Electron-based Pling-Store application (also “PlingStore”, formerly OCS-Store), on the other hand, is intended to facilitate the installation and management of Pling content and is advertised for this purpose by Pling-based app stores.
-
Windows Users Tricked into Ransomware Attack at Call Centers [Ed: They don't even need to be tricked because there are back doors and many zero-day flaws]
This is something repeatedly said here on Make Tech Easier, as we report the news: every time the scammers and bad actors develop a new attack, the tech industry finds a way to fight back and close that vulnerability.